On 07/11/2025 17:12, Boris Brezillon wrote:
> The shmem layer zeroes out the new pages using cached mappings, and if
> we don't CPU-flush we might leave dirty cachelines behind, leading to
> potential data leaks and/or asynchronous buffer corruption when dirty
> cachelines are evicted.
>
> Fixes: 8a1cc07578bf ("drm/panthor: Add GEM logical block")
> Signed-off-by: Boris Brezillon <[email protected]>
Pushed to drm-misc-fixes
> ---
> drivers/gpu/drm/panthor/panthor_gem.c | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_gem.c
> b/drivers/gpu/drm/panthor/panthor_gem.c
> index f369cc3e2a5f..2c12c1c58e2b 100644
> --- a/drivers/gpu/drm/panthor/panthor_gem.c
> +++ b/drivers/gpu/drm/panthor/panthor_gem.c
> @@ -281,6 +281,23 @@ panthor_gem_create_with_handle(struct drm_file *file,
>
> panthor_gem_debugfs_set_usage_flags(bo, 0);
>
> + /* If this is a write-combine mapping, we query the sgt to force a CPU
> + * cache flush (dma_map_sgtable() is called when the sgt is created).
> + * This ensures the zero-ing is visible to any uncached mapping created
> + * by vmap/mmap.
> + * FIXME: Ideally this should be done when pages are allocated, not at
> + * BO creation time.
> + */
> + if (shmem->map_wc) {
> + struct sg_table *sgt;
> +
> + sgt = drm_gem_shmem_get_pages_sgt(shmem);
> + if (IS_ERR(sgt)) {
> + ret = PTR_ERR(sgt);
> + goto out_put_gem;
> + }
> + }
> +
> /*
> * Allocate an id of idr table where the obj is registered
> * and handle has the id what user can see.
> @@ -289,6 +306,7 @@ panthor_gem_create_with_handle(struct drm_file *file,
> if (!ret)
> *size = bo->base.base.size;
>
> +out_put_gem:
> /* drop reference from allocate - handle holds it now. */
> drm_gem_object_put(&shmem->base);
>
